I didn't used to use it...but now am changing all queries to use it, as I
find them in my code...
very cool, just anotha new level of confidence...and power....
(if ya catch the lyric there, you're good)
-----Original Message-----
From: Ian Vaughan [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 10:54 AM
To: CF-Talk
Subject: RE: Securing CF Apps.
Does anybody use the CFQUERYPARAM tag for securing sql which is highlighted
at
Securing Database Access Using the cfqueryparam Tag
http://www.macromedia.com/devnet/mx/coldfusion/articles/cfqueryparam.htm
l
-----Original Message-----
From: Tangorre, Michael [mailto:[EMAIL PROTECTED]
Sent: 23 March 2004 15:27
To: CF-Talk
Subject: RE: Securing CF Apps.
I do not encrypt all values in my forms (I do for URLs though).
The reason I
encrypt some form field values and not others is that they are not
all
important if altered by a malicious user...
For instance. If I have a text box, I do not need to encrypt a
date... My
checks to ensure that the text supplied in that field is a date will
take
care of that. I encrypt important values that are used within
queries:
SELECT *
FROM table
WHERE someId = Decrypt(form.idfield,"key")
This hides the type of values I am using to build the query with and
it also
limits the data that is exposed to the end user.
Mike
> > Yes. All URL and FORM variables should be encypted.
> Especially if you
> > are using a fusebox methodology.
>
> I've tried this, but my users were really upset with prompts
> such as this:
>
> "Please Enter the Hash value of the date you would like"
[Todays Threads]
[This Message]
[Subscription]
[Fast Unsubscribe]
[User Settings]
- RE: Securing CF Apps. Marlon Moyer
- Re: Securing CF Apps. Adrocknaphobia
- RE: Securing CF Apps. Tangorre, Michael
- Re[2]: Securing CF Apps. Critter
- RE: Securing CF Apps. Tangorre, Michael
- RE: Securing CF Apps. Tom Kitta
- Re: Securing CF Apps. Jochem van Dieten
- RE: Securing CF Apps. Ian Vaughan
- RE: Securing CF Apps. Tom Kitta
- RE: Securing CF Apps. Matt Robertson
- RE: Securing CF Apps. Tony Weeg
- RE: Securing CF Apps. Ian Vaughan
- Re: Securing CF Apps. Adrocknaphobia
- Re: Securing CF Apps. Kwang Suh
- Re: Securing CF Apps. Adrocknaphobia
- Re: Securing CF Apps. Adrocknaphobia
- RE: Securing CF Apps. Tony Weeg
- Re: Securing CF Apps. Adrocknaphobia
- RE: Securing CF Apps. Tangorre, Michael
- RE: Securing CF Apps. Tangorre, Michael
- RE: Securing CF Apps. Kazmierczak, Kevin